|
|
@@ -0,0 +1,194 @@
|
|
|
+From 2a6be4166fd718be0694fe8a6e3f1013c125dee2 Mon Sep 17 00:00:00 2001
|
|
|
+From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
|
|
|
+Date: Tue, 12 Jun 2018 09:01:56 +0300
|
|
|
+Subject: [PATCH] connect: fix parsing of WEP keys
|
|
|
+
|
|
|
+The introduction of MFP options added a bug that causes a
|
|
|
+segmentation fault when parsing WEP keys.
|
|
|
+Fix that.
|
|
|
+
|
|
|
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
|
|
|
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
|
+
|
|
|
+Upstream-Status: Backport
|
|
|
+[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]
|
|
|
+Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
|
|
|
+---
|
|
|
+ ap.c | 2 +-
|
|
|
+ connect.c | 7 ++-----
|
|
|
+ ibss.c | 2 +-
|
|
|
+ iw.h | 3 ++-
|
|
|
+ util.c | 36 ++++++++++++++++++------------------
|
|
|
+ 5 files changed, 24 insertions(+), 26 deletions(-)
|
|
|
+
|
|
|
+diff --git a/ap.c b/ap.c
|
|
|
+index 4bab5b9..dcce402 100644
|
|
|
+--- a/ap.c
|
|
|
++++ b/ap.c
|
|
|
+@@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state,
|
|
|
+ argv++;
|
|
|
+ argc--;
|
|
|
+
|
|
|
+- return parse_keys(msg, argv, argc);
|
|
|
++ return parse_keys(msg, &argv, &argc);
|
|
|
+ nla_put_failure:
|
|
|
+ return -ENOSPC;
|
|
|
+ }
|
|
|
+diff --git a/connect.c b/connect.c
|
|
|
+index 339fc73..4a847a1 100644
|
|
|
+--- a/connect.c
|
|
|
++++ b/connect.c
|
|
|
+@@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state,
|
|
|
+ argv++;
|
|
|
+ argc--;
|
|
|
+
|
|
|
+- ret = parse_keys(msg, argv, argc);
|
|
|
++ ret = parse_keys(msg, &argv, &argc);
|
|
|
+ if (ret)
|
|
|
+ return ret;
|
|
|
+
|
|
|
+- argc -= 4;
|
|
|
+- argv += 4;
|
|
|
+-
|
|
|
+ if (!argc)
|
|
|
+ return 0;
|
|
|
+
|
|
|
+@@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state,
|
|
|
+ argv++;
|
|
|
+ argc--;
|
|
|
+
|
|
|
+- return parse_keys(msg, argv, argc);
|
|
|
++ return parse_keys(msg, &argv, &argc);
|
|
|
+ nla_put_failure:
|
|
|
+ return -ENOSPC;
|
|
|
+ }
|
|
|
+diff --git a/ibss.c b/ibss.c
|
|
|
+index 84f1e95..d77fc92 100644
|
|
|
+--- a/ibss.c
|
|
|
++++ b/ibss.c
|
|
|
+@@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state,
|
|
|
+ argv++;
|
|
|
+ argc--;
|
|
|
+
|
|
|
+- return parse_keys(msg, argv, argc);
|
|
|
++ return parse_keys(msg, &argv, &argc);
|
|
|
+ nla_put_failure:
|
|
|
+ return -ENOSPC;
|
|
|
+ }
|
|
|
+diff --git a/iw.h b/iw.h
|
|
|
+index ee7ca20..8767ed3 100644
|
|
|
+--- a/iw.h
|
|
|
++++ b/iw.h
|
|
|
+@@ -180,7 +180,8 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len,
|
|
|
+ unsigned char **mask);
|
|
|
+ unsigned char *parse_hex(char *hex, size_t *outlen);
|
|
|
+
|
|
|
+-int parse_keys(struct nl_msg *msg, char **argv, int argc);
|
|
|
++
|
|
|
++int parse_keys(struct nl_msg *msg, char **argv[], int *argc);
|
|
|
+ int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed);
|
|
|
+ enum nl80211_chan_width str_to_bw(const char *str);
|
|
|
+ int put_chandef(struct nl_msg *msg, struct chandef *chandef);
|
|
|
+diff --git a/util.c b/util.c
|
|
|
+index 6e0ddff..122c019 100644
|
|
|
+--- a/util.c
|
|
|
++++ b/util.c
|
|
|
+@@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str)
|
|
|
+ return -EINVAL;
|
|
|
+ }
|
|
|
+
|
|
|
+-int parse_keys(struct nl_msg *msg, char **argv, int argc)
|
|
|
++int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
|
|
|
+ {
|
|
|
+ struct nlattr *keys;
|
|
|
+ int i = 0;
|
|
|
+ bool have_default = false;
|
|
|
+- char *arg = *argv;
|
|
|
++ char *arg = **argv;
|
|
|
+ char keybuf[13];
|
|
|
+ int pos = 0;
|
|
|
+
|
|
|
+- if (!argc)
|
|
|
++ if (!*argc)
|
|
|
+ return 1;
|
|
|
+
|
|
|
+ if (!memcmp(&arg[pos], "psk", 3)) {
|
|
|
+ char psk_keybuf[32];
|
|
|
+ int cipher_suite, akm_suite;
|
|
|
+
|
|
|
+- if (argc < 4)
|
|
|
++ if (*argc < 4)
|
|
|
+ goto explain;
|
|
|
+
|
|
|
+ pos+=3;
|
|
|
+@@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
|
|
|
+ NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf);
|
|
|
+ NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM);
|
|
|
+
|
|
|
+- argv++;
|
|
|
+- argc--;
|
|
|
+- arg = *argv;
|
|
|
++ *argv += 1;
|
|
|
++ *argc -= 1;
|
|
|
++ arg = **argv;
|
|
|
+
|
|
|
+ akm_suite = parse_akm_suite(arg);
|
|
|
+ if (akm_suite < 0)
|
|
|
+@@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
|
|
|
+
|
|
|
+ NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite);
|
|
|
+
|
|
|
+- argv++;
|
|
|
+- argc--;
|
|
|
+- arg = *argv;
|
|
|
++ *argv += 1;
|
|
|
++ *argc -= 1;
|
|
|
++ arg = **argv;
|
|
|
+
|
|
|
+ cipher_suite = parse_cipher_suite(arg);
|
|
|
+ if (cipher_suite < 0)
|
|
|
+@@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
|
|
|
+
|
|
|
+ NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite);
|
|
|
+
|
|
|
+- argv++;
|
|
|
+- argc--;
|
|
|
+- arg = *argv;
|
|
|
++ *argv += 1;
|
|
|
++ *argc -= 1;
|
|
|
++ arg = **argv;
|
|
|
+
|
|
|
+ cipher_suite = parse_cipher_suite(arg);
|
|
|
+ if (cipher_suite < 0)
|
|
|
+@@ -495,7 +495,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
|
|
|
+ struct nlattr *key = nla_nest_start(msg, ++i);
|
|
|
+ char *keydata;
|
|
|
+
|
|
|
+- arg = *argv;
|
|
|
++ arg = **argv;
|
|
|
+ pos = 0;
|
|
|
+
|
|
|
+ if (!key)
|
|
|
+@@ -537,15 +537,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
|
|
|
+
|
|
|
+ NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata);
|
|
|
+
|
|
|
+- argv++;
|
|
|
+- argc--;
|
|
|
++ *argv += 1;
|
|
|
++ *argc -= 1;
|
|
|
+
|
|
|
+ /* one key should be TX key */
|
|
|
+- if (!have_default && !argc)
|
|
|
++ if (!have_default && !*argc)
|
|
|
+ NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
|
|
|
+
|
|
|
+ nla_nest_end(msg, key);
|
|
|
+- } while (argc);
|
|
|
++ } while (*argc);
|
|
|
+
|
|
|
+ nla_nest_end(msg, keys);
|
|
|
+
|
|
|
+--
|
|
|
+2.17.1
|
|
|
+
|
Liu Haitao